search

AndrewPaglusch / FlashPaper

One-time encrypted password/secret sharing
MIT License
374 stars 60 forks source link

Add ability to get JSON data containing URL #86

Closed DarkKronicle closed 1 year ago

DarkKronicle commented 2 years ago

This adds a simple page that returns $message in the JSON format { "url": "<generated_url>" }

Resolves #85

Example of use:

curl -s -X POST -d "secret=<secret>&json=true&submit=" https://<flashpaper>/
AndrewPaglusch commented 2 years ago

I really like this change. I will review it entirely and test it out this week. Thank you for your contribution!

DarkKronicle commented 1 year ago

I get a large portion of HTML/CSS back when using json=true. Perhaps you're returning the JSON a little too late in the process.

$ curl -s -X POST -d "secret=foobar&json=true&submit=" https://internal-testing-instance/
<!DOCTYPE html>
<html lang="en">
[... html/css removed ...]{"url":"http:\/\/internal-testing-instance\/?k=dMGiKCM0oAK8R1INkHbOY8QzdeYkJbJtXoQfUvzE"}

Oh it's probably because it still loads the header in this case

DarkKronicle commented 1 year ago

Should be fixed now (pretty sure)

AndrewPaglusch commented 1 year ago

I think we can simplify your change a bit by doing something like the following.

Towards the top of index.php, we can do a single check to see if the user is requesting a JSON retrieval code. This allows us to remove the two checks in your PR that decide whether to display the header/footer. 

# [...]
require_once("includes/functions.php"); # load functions

# display secret code in json format if requested
if (isset($_POST['json']) && isset($_POST['submit']) && !empty($_POST['secret'])) {
        header("Content-Type: application/json");
        die(display_secret_code(true));
}

require_once('html/header.php'); # display header
# [...]

Below in index.php, we can change the function display_secret_code to be like the following. We rename the $json argument to be $return_only_json and default it to false. This is much easier to understand what the argument is for.

function display_secret_code($return_only_json = false)

Later in the display_secret_code function, we can add this check, which will return the JSON serialized array.

# [...]
if ($return_only_json) {
        return json_encode(array("url" => $message));
}

require_once('html/view_code.php');

This also enables us to remove the html/json_view_code.php file entirely.

AndrewPaglusch commented 1 year ago

@DarkKronicle It looks like there hasn't been any movement on this PR for ~3 weeks. Would you like me to finish it up for you, or are you planning on completing the changes I posted in my last message?